authorNguyễn Gia Phong <mcsinyx@disroot.org>2022-05-13 00:09:49 +0900
committerNguyễn Gia Phong <mcsinyx@disroot.org>2022-05-13 00:10:03 +0900
commite964e072ce2c8e1602a0781fbd248c18064cc390 (patch)
tree5b2d95c2d8defb06ae43f70c7b4285cfe25eae2c /configuration.nix
parentdc212c3c203f2fb9835ce2648888f8caf35e99dc (diff)
downloadnixos-conf-e964e072ce2c8e1602a0781fbd248c18064cc390.tar.gz
Reorganize and add copyright headers
Diffstat (limited to 'configuration.nix')
-rw-r--r--configuration.nix98
1 files changed, 33 insertions, 65 deletions
diff --git a/configuration.nix b/configuration.nix
index fe0ab32..8af1061 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -1,90 +1,58 @@
-{ config, lib, pkgs, ... }:
-let
-  certs = config.security.acme.certs.${domain};
-  domain = config.networking.domain;
-  bindUserDirs = sources: target: lib.mapAttrs' (user: dir: {
-    name = target + user;
-    value = {
-      device = "${config.users.users.${user}.home}/${dir}";
-      options = [ "bind" ];
-    };
-  }) sources;
-in {
+# Overall configuration
+# Copyright (C) 2022  Nguyễn Gia Phong
+#
+# This file is part of loang configuration.
+#
+# Loang configuration is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as published
+# by the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Loang configuration is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with loang configuration.  If not, see <https://www.gnu.org/licenses/>.
+
+{ config, pkgs, ... }:
+{
   environment = {
     enableAllTerminfo = true;
-    systemPackages = with pkgs; [ git rsync vim ];
+    systemPackages = with pkgs; [ git htop rsync vim ];
   };
 
-  fileSystems = bindUserDirs {
-    cnx = "www";
-  } "${config.services.nginx.virtualHosts.${domain}.root}/~";
-
   imports = [
     ./ipfs.nix
     ./matrix.nix
+    ./static.nix
     ./vpsadminos.nix
   ];
 
   networking = {
     domain = "loang.net";
-
-    firewall.allowedTCPPorts = [
-      80 # HTTP
-      443 # TLS
-      1965 # Gemini
-    ];
-
     hostName = "brno";
   };
 
-  security = {
-    acme = {
-      acceptTerms = true;
-      defaults.email = "mcsinyx@disroot.org";
-    };
-
-    sudo = {
-      enable = true;
-      execWheelOnly = true;
-      wheelNeedsPassword = false;
-    };
+  security.sudo = {
+    enable = true;
+    execWheelOnly = true;
+    wheelNeedsPassword = false;
   };
 
-  services = {
-    molly-brown = {
-      certPath = "${certs.directory}/cert.pem";
-      docBase = "/var/lib/gemini/${domain}";
-      enable = true;
-      hostName = domain;
-      keyPath = "${certs.directory}/key.pem";
-    };
-
-    nginx = {
-      enable = true;
-      recommendedProxySettings = true;
-      virtualHosts.${domain} = {
-        enableACME = true;
-        forceSSL = true;
-        root = "/var/lib/www/${domain}";
-      };
-    };
-
-    openssh = {
-      enable = true;
-      openFirewall = true;
-      passwordAuthentication = false;
-      ports = [ 2211 ];
-    };
+  services.openssh = {
+    enable = true;
+    openFirewall = true;
+    passwordAuthentication = false;
+    ports = [ 2211 ];
   };
 
   system.stateVersion = "22.05";
 
-  systemd = {
-    extraConfig = ''
+  systemd.extraConfig = ''
       DefaultTimeoutStartSec=900s
-    '';
-    services.molly-brown.serviceConfig.SupplementaryGroups = [ certs.group ];
-  };
+  '';
 
   time.timeZone = "UTC";